Thank you for your reply. I tried creating a windows sync agreement between
the 389 DS and AD Read Only DC(RODC). When I give all the details in the
New Windows Sync Agreement screen , it does not give me an error message
saying that "Cannot contact active directory server." But when I try to
initiate Full Re-synchronization it gives me an error saying "connection
error: operation failure - Total update aborted. Error Code:1". But I am
seeing all the users and groups properly sync without passwords at the
proper target OU in the 389 DS. Can this be a bug or am I missing something?
I don't get this error If I am syncing with an AD Read Write DC(RWDC).
Regards.
On Wed, Dec 5, 2018 at 3:56 PM William Brown <william(a)blackhats.net.au>
wrote:
> On 30 Nov 2018, at 01:30, Abhisheyk Deb <abhisheykdeb(a)gmail.com> wrote:
>
> I have the following structure AD RWDC(Read Write), AD RODC(Read Only),
and a 389 DS instance.
>
> PassSync will be installed on the AD RODC and the 389 DS instance will
sync with it.
>
> If the users are created on the AD RWDC and synced with the RODC, can
PassSync still intercept passwords in cleartext format, and push them to
389 DS?
I think the answer is “yes” but you won’t get anything from the RODC
Denied Replication group (IE domain admins).
>
>
> _______________________________________________
> 389-users mailing list -- 389-users(a)lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
—
Sincerely,
William
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...